github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-18 18:30:35 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,039 Commits 55 Branches 109 Tags
d5cae10d3aba819b3bb4879abbc600a8d723bba1
Commit Graph

262 Commits

Author SHA1 Message Date
Felipe Zimmerle
d5cae10d3a Refactoring on variables::Variable 
Using the references on key and collection as shared pointers
 2020-12-22 22:14:43 -03:00
WGH
6528c95765 Use std::shared_ptr for variable resolution 
AnchoredSetVariable::resolve is called for every rule
(see RuleWithOperator::evaluate). The previous implementation allocated
a new copy of every variable, which quickly added up. In my tests,
AnchoredSetVariable::resolve function consumed 7.8% of run time.

AnchoredSetVariable (which is a multimap) values are never changed,
only added. This means it's safe to store them in std::shared_ptr,
and make resolve return shared_ptr pointing to the same object.

Other resolve implementation could also use this optimization by not
allocating new objects, however, they are not hot spots, so this
optimization was not implemented there.

In my benchmark, this raises performance from 117 requests per second to
131 RPS, and overhead is lowered from 7.8% to 2.4%.

As a bonus, replacing plain pointer with smart pointers make code
cleaner, since using smart pointers makes manual deletes no longer necessary.

Additionally, VariableOrigin is now stored in plain std::vector,
since it's wasteful to store structure containing just two integer
values using std::list<std::unique_ptr<T>>.
 2020-12-22 22:14:43 -03:00
Felipe Zimmerle
d3ba2318d6 Removes init from SetVar 2020-12-22 22:14:43 -03:00
WGH
904fd030f9 Remove unnecessary copying in transformations 
In C++11, string data is always null-terminated[1], and can be
freely modified[2].

[1] https://stackoverflow.com/questions/6077189/will-stdstring-always-be-null-terminated-in-c11
[2] https://stackoverflow.com/questions/38875623/is-it-permitted-to-modify-the-internal-stdstring-buffer-returned-by-operator
 2020-12-22 22:14:42 -03:00
WGH
d7e9e0aa5b Make all "rule id" variables of type RuleId 
Previously, ModSecurity inconsistently used RuleId, int and double for
rule id variables in different places.
 2020-12-22 22:14:42 -03:00
Felipe Zimmerle
0a3b658969 Introduces ActionWithExecution 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
11111b5826 Removes method isDisruptive from Action class 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
1522e7cd0a Action: make sure that null constructor is not used 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
c38051324d Computes auditlog during rules load time 2020-12-22 22:14:41 -03:00
Felipe Zimmerle
bf3a1d84ff actions: Removes Rule parameter from runtime execute 
Generals organization on the Action class
 2020-12-22 22:14:38 -03:00
Felipe Zimmerle
eb3e05646d actions: Compute the rule association during rules load 2020-12-10 10:10:49 -03:00
Felipe Zimmerle
e5846e3fd3 Replaces lower case implementation 2020-12-10 10:10:48 -03:00
Felipe Zimmerle
999af35e22 Moves rule* headers to src/ 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
da618a6b7d Cleanup on Action class 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
3dcfc2582e Removes RuleMessage from action execute signature 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
68f85628dd Refactoring: Makes transformations to work with new execute signature 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
d9d074f661 Cosmetics: fix some cppcheck complains 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
55b68fdebc Refactoring: rename evaluate to execute on actions 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
f605359ca5 Refactoring in the Rule class to make it more elegant 2020-12-10 10:10:47 -03:00
Felipe Zimmerle
2b9ec1a0f1 Adds new method for rule merge 
IMPORTANT: SecDefaultAction specified on a child configuration will
overwrite the ones specified on the parent; Previously it was
concatenating.
 2020-12-10 10:10:46 -03:00
Felipe Zimmerle
33def54fa9 Moves default actions to be part of the rules 2020-12-10 10:10:46 -03:00
marshal09
288e9dbb3e Add new transformation call phpArgsNames 2020-12-10 10:10:46 -03:00
Felipe Zimmerle
59d4268882 Refactoring: renames Rule to RuleWithOperator 2020-03-31 10:00:08 -03:00
Felipe Zimmerle
8eb7b8fe6c Refactoring: Splits Rule into Rule and RuleWithActions 2020-03-30 20:22:37 -03:00
Felipe Zimmerle
43f8aee6b6 Splits Rule class into: Rule, RuleBase, RuleMarker 2020-03-30 20:21:36 -03:00
Felipe Zimmerle
fda03c0016 Yet another refactoring in Rule 2020-03-30 15:38:51 -03:00
Felipe Zimmerle
9c526b3647 Avoids copy on the transformation operation 2020-03-27 16:12:55 -03:00
Felipe Zimmerle
6b0ad8049a Having default actions as o shared pointer 2020-03-26 09:59:57 -03:00
Felipe Zimmerle
6367e6d5e9 Having a class Rules 2020-03-24 17:20:10 -03:00
Felipe Zimmerle
6a742cdf76 Refactoring: Renames RulesProperties to RulesSetProperties 2020-02-17 13:17:03 -03:00
Felipe Zimmerle
7495675d54 Refactoring: Renames Rules to RulesSet 
RulesSet does not only contain rules but alse properties
 2020-02-11 14:26:47 -03:00
Felipe Zimmerle
357c140003 Changens copyright year 2020-01-31 10:32:37 -03:00
Felipe Zimmerle
9101a8ab15 Cosmetics: address cppcheck warnings on src/actions 2020-01-22 10:37:51 -03:00
Felipe Zimmerle
86a5f471a9 Cosmetics: fixed static analysis issues. 2020-01-15 20:35:59 -03:00
martinhsv
0470168056 Fix: audit log data omitted when nolog,auditlog 2020-01-07 11:16:07 -03:00
martinhsv
01c7a2689b Fix test issue-1974 2019-10-24 09:57:49 -03:00
Felipe Zimmerle
47dd9c5df4 Refactoring on the VariableValue class 2019-06-14 10:13:54 -03:00
Ervin Hegedus
c0142cf326 Changed compared variables of range id intervall in ruleRemoveById ctl action. #2111 
* changed the variables in clause
* added test case (@theMiddle)
* fixes #2111
 2019-06-04 10:28:30 -03:00
Thierry Fournier
4a3e9734ef fix/minor: Error encoding hexa decimal 
String is defined as an array of char. The char can be negative. The
cast "reinterpret_cast" from char to int keep the negative side, so
the "unsigned char" number 0x91 is negative as "char". When it is
"reinterpret_cast" as integer, it becomes 0xffffff91, so the hexadecimal
display is broken:

   [155493246391.747672] [/absolute?what=badarg2] [9]  T (0) t:hexEncode: "ffffff91ffffffecffffffe6334bffffffebffffff87ffffff9affffff824a06ffffffc33b4cffff (14 characters omitted)"

This patch fix this behavior using classic cast without reinterpret_cast:

   [155493251286.221115] [/absolute?what=badarg2] [9]  T (0) t:hexEncode: "91ece6334beb879a824a06c33b4cb4240e4c6f56"
 2019-05-27 17:06:51 -03:00
Felipe Zimmerle
4e76c6adf0 Renames namespace Variables to variables 2019-03-06 15:53:20 -03:00
Felipe Zimmerle
78b7fa4e2c Adds missing drop.h 2018-12-26 11:05:54 -03:00
Felipe Zimmerle
d00ea5111d Adds initial support to drop action 2018-12-24 16:35:41 -03:00
Felipe Zimmerle
407b6c0f4b Fix setenv action to strdup key=variable 2018-11-29 15:18:15 -03:00
Wenfeng Liu
3b3004d24d Correct the usage of modsecurity::Phases::NUMBER_OF_PHASES 2018-11-27 09:23:00 -03:00
Felipe Zimmerle
ce3abf2626 Adds support to multiple ranges in ctl:ruleRemoveById 
Issue #1956
 2018-11-26 20:48:18 -03:00
Felipe Zimmerle
e712d30c56 Fix setvar to understand Rule variable in collections 
Issue #1961
 2018-11-26 19:49:44 -03:00
Victor Hora
ecad8c6c7e Fix buffer size for utf8toUnicode transformation 2018-11-16 14:58:40 -05:00
Felipe Zimmerle
18cdffdbca Encapsulates int[N] in a class to avoid compilation issues 
Depending on the compiler, there may be a compilation issue with the
usage of std::unique_ptr<int[]>. Therefore encapsulating it inside a
regular class.
 2018-11-01 11:50:15 -03:00
Victor Hora
e3b9f7c913 Fix SecUnicodeMapFile support 
Makes SecUnicodeMapFile read the file and adjust transformation to use the
right variable.
 2018-10-31 22:57:39 -03:00
Felipe Zimmerle
e1e8a01ed2 Override the default status code if not suitable to redirect action 
Issue #1850
 2018-10-30 18:20:23 -03:00